SOC, Content

How to Build a SOC (Security Operations Center): 11 Secrets to Success

System Security Specialist Working at System Control Center. Room is Full of Screens Displaying Various Information.

How can you build, staff, maintain and scale a security operations center (SOC)? Before you pursue answers to those questions it's important to determine whether you should actually build a SOC.

After all, many small MSPs can't afford to build & staff a full-blown SOC. Instead, the wiser move may involve partnering with SOC as a Service (SOCaaS) providers and/or larger MSSPs and MDR (managed detection and response) service providers that already have security operations center capabilities in place.

That said, a blueprint for SOC success can be extremely valuable to MSPs and MSSPs of all sizes. With such a blueprint in place, you're better equipped to ask the risk questions as you evaluate a "build, buy or partner" journey in the SOC market.

Security Operations Center Success: MITRE's Advice

One such blueprint for SOC success comes from MITRE, which has published 11 Strategies of a World-Class Cybersecurity Operations Center. Dig a little deeper, and MITRE essentially says that the 11 secrets to SOC success involve:

  1. Know what you are protecting and why.
  2. Give the SOC the authority to do its job.
  3. Build a SOC structure to match your organizational needs.
  4. Hire and grow quality staff.
  5. Prioritize incident response.
  6. Illuminate adversaries with cyber threat intelligence.
  7. Select and collect the right data.
  8. Leverage tools to support analyst workflow.
  9. Communicate clearly, collaborate often, and share generously.
  10. Measure performance to improve performance.
  11. Turn up the volume by expanding SOC functionality.

How to Build A SOC: Highlights You Can Download

If you're not quite ready to dive into the full book, you can read highlights from the book and a bit more about each of those 11 SOC strategies here.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.